objects.qos.policy: support per type rule lists as synthetic fields
This is a significant piece of work.
It enables neutron objects to define fields that are lazily loaded on
field access. To achieve that,
- field should be mentioned in cls.synthetic_fields
- obj_load_attr should be extended to lazily fetch and cache the field
Based on this work, we define per type rule fields that are lists of
appropriate neutron objects. (At the moment, we have only a single type
supported, but I tried hard to make it easily extendable, with little or
no coding needed when a new rule type object definition is added to
rule.py: for example, we inspect object definitions based on
VALID_RULE_TYPES, and define appropriate fields for the policy object).
To implement lazy loading for those fields, I redefined get_by_id for
rules that now meld fields from both base and subtype db models into the
corresponding neutron object.
Added a simple test that checks bandwidth_rules attribute behaves for
policies.
Some objects unit test framework rework was needed to accommodate
synthetic fields that are not propagated to db layer.
Moshe Levi [Wed, 24 Jun 2015 15:44:08 +0000 (18:44 +0300)]
Qos Agent Extension
This patch introduces the following:
- QosAgentExtension - implementation of AgentCoreResourceExtension
- QosAgentDriver - interface class
This will allow any agent to implement their own low level driver for
Qos Agent Extension.
Co-Authored-By: Miguel Angel Ajo <mangelajo@redhat.com>
Change-Id: I9e388173dfe0eb43c961018bd687bc86f34c7a6a
Enforce specific order for firewall.(un)filtered_ports and devices
Lots of tests in the file rely on specific order of devices and ports
with which they are iterated thru inside firewall implementation. This
is needed to match a regexp against iptables output generated by the
firewall driver.
In production code, those .(un)filtered_ports dictionaries are
unordered, and it would not be wise to enforce the order for them just
for the sake of those unit tests.
Instead, we 'patch' the agent firewall with ordered versions of dict for
those attributes.
Also enforce specific order for device_info dictionaries we pass into
firewall.
The failure was easily reproducible with PYTHONHASHSEED=111, and after
the fix, it's gone.
While at it, stop making assumptions about stable order of dict.values()
between multiple dictionaries with the same keys. It may actually work
for now, but it seems fragile. Overall simplified regex construction
code a bit, f.e. killing some dead or redundant code.
It was using wrong call to delete an object from a session.
Also, expanded test_create() test to check all basic operations:
get_by_id, create, update, and delete.
To facilitate update() check, introduced a new field for objects called
fields_to_update that stores names of fields that are not expected to be
updated in an object. This allows us to keep the above mentioned test
untangled from specific object type.
Also made get_by_id() behave correctly (returning None) if the object
does not exist.
objects.base: reset changes after getting objects from database
Now all objects are comparable.
We need to reset changes, otherwise an object that is constructed and
.create()d is different from the one that is .get_by_id()d from database
(for primitive serialization contains list of changed fields for
versioned objects).
Added initial sql test case for objects (just create-fetch for policy
for now, but can be easily extended to other types).
BaseObjectTestCase: rename test_class into _test_class
It seems that testtools are trying to load that class as if it's a test
case (for it considers everything inside a test class named as test_* as
a test case).
Dan Prince [Thu, 9 Jul 2015 19:31:13 +0000 (15:31 -0400)]
get_vif_ports: ignore non-Interface ports
This patch updates get_vif_ports so that it skips
ports which aren't in the 'Interfaces' table.
This fixes an issue where neutron-ovs-cleanup would
fail if any sort of OVS bond was on the bridge getting
cleaned up. This is because bonds don't have the same
attributes as ports, and thus fail subsequent ovs-vsctl
queries.
Wei Wang [Thu, 25 Sep 2014 09:49:59 +0000 (17:49 +0800)]
Fix duplicate entry catch for allowed address pairs
If None is submitted as a MAC address in an allowed_address_pair,
the port MAC will be used. So if two entries are submitted with the
same IP and one's MAC is None while the other's is the port's MAC,
they will pass the API duplication check and fail to insert into the DB
due to a unique constraint violation.
This patch catches the db error and turns it into the same exception
the API uses on duplicate entries.
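The failure mode and the fix described in this commit message, as an added example (not code from the patch or from neutron): an in-memory set stands in for the table's unique constraint, and the exception names, the row layout and the sample values are hypothetical.

```python
class DuplicatePairInRequest(Exception):
    """Hypothetical stand-in for the exception the API check raises."""

class DBDuplicateEntry(Exception):
    """Hypothetical stand-in for the DB layer's unique-constraint error."""

# Constructed sample: the two entries described in the commit message.
PORT_MAC = "fa:16:3e:00:00:01"
PAIRS = [
    {"ip_address": "10.0.0.9", "mac_address": None},
    {"ip_address": "10.0.0.9", "mac_address": "fa:16:3e:00:00:01"},
]

def api_check(pairs):
    """Duplicate check on the values as submitted: None stays None."""
    seen = set()
    for p in pairs:
        key = (p["ip_address"], p.get("mac_address"))
        if key in seen:
            raise DuplicatePairInRequest(key)
        seen.add(key)

def db_insert(table, port_id, pairs, port_mac):
    """Insert rows; a None MAC becomes the port MAC before the uniqueness test."""
    for p in pairs:
        row = (port_id, p["ip_address"], p.get("mac_address") or port_mac)
        if row in table:
            raise DBDuplicateEntry(row)
        table.add(row)

def create_pairs(table, port_id, pairs, port_mac):
    """API check first, then insert; a DB duplicate surfaces as the API exception."""
    api_check(pairs)
    staged = set(table)  # copy, so a rejected request leaves no partial rows
    try:
        db_insert(staged, port_id, pairs, port_mac)
    except DBDuplicateEntry as exc:
        raise DuplicatePairInRequest(exc.args[0])
    table.update(staged)

if __name__ == "__main__":
    api_check(PAIRS)  # passes: (ip, None) and (ip, port MAC) look distinct
    try:
        create_pairs(set(), "port-1", PAIRS, PORT_MAC)
    except DuplicatePairInRequest as exc:
        print("rejected as duplicate:", exc)
```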
The new version of mock is now released which has the fix to
make mock.patch.stopall behave deterministically. The code to
stop double-mocking is no longer required.
Other fixes:
- 'assert_has_calls' that have changed behavior in the new version
  (no longer accepts single calls).
- Calls to non-existent assert methods that did not exist and were
  silently passing.
- Use of autospec on a class with decorated functions.
Arista ML2 Mech driver for VLANs presently does
not filter out non-vlan type networks (e.g. vxlan).
This fix will simply ignore the request if a
non-vlan based network request is seen.
Sean M. Collins [Fri, 26 Jun 2015 17:14:41 +0000 (11:14 -0600)]
Make IPAM more pythonic
__init__.py is usually an empty file, or contains platform specific
code to make the package function. One more use is to have __init__.py
contain import statements, to import functions and classes, for convenience.
get_snat_candidates() is about DVR routers scheduling and hence
should be a method of L3_DVRsch_db_mixin.
This commit does not modify anything, just moves.
Pavel Bondar [Wed, 4 Feb 2015 13:13:28 +0000 (16:13 +0300)]
Allow IPAM backend switch
Changed inheritance chain for NeutronDbPluginV2 to allow switching from
non-pluggable to pluggable IPAM implementation.
IpamNonPluggableBackend methods are called on its instance,
instead of previous way where IpamNonPluggableBackend was parent for
NeutronDbPluginV2.
It allows switching IPAM implementation in set_ipam_backend
(IpamNonPluggableBackend to IpamPluggableBackend).
All methods that became public in IpamNonPluggableBackend were renamed.
This is refactoring step before Pluggable IPAM can be applied.
Move update_security_group_on_port to SecurityGroupDbMixin
Previously this function lived in SecurityGroupServerRpcMixin. This
patch moves this function to SecurityGroupDbMixin so plugins who don't
use SecurityGroupServerRpcMixin can leverage this function. This patch
has no effect on anyone using SecurityGroupServerRpcMixin as that inherits
from SecurityGroupDbMixin.
In Arista ML2 driver Reconfigure VLAN on VM migration
Whenever a VM moves from one compute node to the other, the VLAN on the old
switch interface was not removed and the VLAN was not being provisioned on the
new switch interface. With this patch, the VLANs are provisioned correctly.
Carl Baldwin [Tue, 7 Jul 2015 16:41:03 +0000 (16:41 +0000)]
Add IP_ANY dict to ease choosing between IPv4 and IPv6 "any" address
I'm working on a new patch that will add one more case where we need
to choose between 0.0.0.0/0 and ::/0 based on the ip version. I
thought I'd add a new constant and simplify a couple of existing uses.
The result of get_sorts was a 'zip object' in Python 3, and it was later used
as a list, which fails. Just cast the result to a list to fix this issue.
Pavel Bondar [Thu, 2 Jul 2015 08:35:18 +0000 (11:35 +0300)]
Track allocation_pools in SubnetRequest
To keep pluggable and non-pluggable ipam implementation consistent
non-pluggable one has to be switched to track allocation_pools and
gateway_ip using SubnetRequests.
SubnetRequest requires allocation_pools to be list of IPRanges.
Previously allocation_pools were tracked as list of dicts.
So allocation_pools generating and validating was moved before
SubnetRequest is created.
Kevin Benton [Tue, 30 Jun 2015 04:05:08 +0000 (21:05 -0700)]
Add ARP spoofing protection for LinuxBridge agent
This patch adds ARP spoofing protection for the Linux Bridge
agent based on ebtables. This code was written to be minimally
invasive with the intent of back-porting to Kilo.
The protection is enabled and disabled with the same
'prevent_arp_spoofing' agent config flag added for the OVS agent
in I7c079b779245a0af6bc793564fa8a560e4226afe.
The protection works by setting up an ebtables chain for each port
and jumping all ARP traffic to that chain. The port-specific chains
have a default DROP policy and then have allow rules installed that
only allow ARP traffic with a source CIDR that matches one of the
port's fixed IPs or an allowed address pair.
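The rule layout described in this commit message, as an added example (not code from the patch or from neutron): it builds the ebtables commands for one port and models the resulting verdict for an ARP source address. The chain name, the FORWARD hook, the interface name and the sample addresses are assumptions.

```python
import ipaddress

def arp_chain_name(vif):
    # Hypothetical per-port chain naming scheme, not taken from the patch.
    return "example-arp-" + vif

def allowed_arp_cidrs(fixed_ips, allowed_address_pairs):
    """IPv4 source CIDRs the port may claim: fixed IPs plus allowed address pairs."""
    entries = list(fixed_ips) + [p["ip_address"] for p in allowed_address_pairs]
    nets = {ipaddress.ip_network(e, strict=False) for e in entries}
    # ARP carries IPv4 only, so IPv6 entries produce no rule.
    v4 = [n for n in nets if n.version == 4]
    return sorted(v4, key=lambda n: (int(n.network_address), n.prefixlen))

def build_ebtables_rules(vif, fixed_ips, allowed_address_pairs, hook="FORWARD"):
    """Return ebtables argv lists; the FORWARD hook chain is an assumption."""
    chain = arp_chain_name(vif)
    base = ["ebtables", "-t", "filter"]
    rules = [base + ["-N", chain], base + ["-P", chain, "DROP"]]
    for net in allowed_arp_cidrs(fixed_ips, allowed_address_pairs):
        rules.append(base + ["-A", chain, "-p", "ARP",
                             "--arp-ip-src", str(net), "-j", "ACCEPT"])
    # Install the jump last so ARP only reaches a fully populated chain.
    rules.append(base + ["-A", hook, "-i", vif, "-p", "ARP", "-j", chain])
    return rules

def arp_permitted(src_ip, fixed_ips, allowed_address_pairs):
    """Model the chain's verdict: ACCEPT on a CIDR match, otherwise default DROP."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net
               for net in allowed_arp_cidrs(fixed_ips, allowed_address_pairs))

# Constructed sample port (not from the page).
VIF = "tap1234abcd"
FIXED_IPS = ["10.0.0.5", "2001:db8::5"]
PAIRS = [{"ip_address": "10.0.1.0/24", "mac_address": None}]

if __name__ == "__main__":
    for argv in build_ebtables_rules(VIF, FIXED_IPS, PAIRS):
        print(" ".join(argv))
```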
Carl Baldwin [Tue, 30 Jun 2015 20:22:46 +0000 (20:22 +0000)]
Refactor init_l3 to separate router port use case
Future work will extend init_l3 with more code specific to router
ports. It makes sense to separate these out into one basic method
with basic L3 and another for router port specific logic.